TheMerchant Processing Guru Tip#15: Storing credit card information securely under the PCI compliance processing guidelines.
If you need to store your customers credit card information for future sales or monthly recurring billing purposes etc. you want to avoid storing it on your computer as this is what the new PCI guidelines are cracking down on. If you can’t store this information on your computer any more, then where can you store it that makes sense you ask? I am glad you did. Probably the most secure place you can store credit card information today for recurring billing purposes is on a PCI approved online gateway that is set up for recurring billing. This is not only secure according to PCI guidelines but removes any of the risk and responsibility from you to the vendor of the secure gateway. They are in a much better position to assume the risk and responsibility in this area than any small business is, so let them. Another great aspect of using an online gateway for your recurring billing is that you do not need to spend a large sum of money on software and updates, you will just have a small monthly gateway fee that will take care of everything.
Storing card information on your accounting software, database or any other programs on your computer that are not used to process them is also something that the PCI SSC is trying to crack down on. The reason is that ANY information that is stored on your computer any where is vulnerable to hackers. It is not enough just to have a Firewall as these can be penetrated, but you will need to go through all the PCI compliance requirements that I mentioned in Tip#14 which can be very costly. To avoid this all together, refrain from storing any cardholder information on your computer. Transfer it all to an online secure terminal or the old fashioned way, paper records. Even paper records can be at risk though and should be kept securely in a filing cabinet under lock and key as theft is a problem there also. Online is the way to go if at all possible and I can help you implement this in a very efficient and cost effective solution for you no matter what your business! Just get in touch with me at: [email protected]